Petr Juhanak of Accenture, Dylan Pindur of Assetnote, and Wisdomtree of Ant Group Digital Financial Security Team have discovered two vulnerabilities in Citrix ADC and Citrix Gateway. CVE-2023-24487 may allow attackers to read arbitrary files. CVE-2023-24488 is a cross-site scripting vulnerability that may allow an attacker to execute JavaScript in the victim’s browser. Citrix ADC … Continue reading “Citrix ADC and Citrix Gateway Arbitrary File Read and Cross-Site Scripting Vulnerabilities (CVE-2023-24487 & CVE-2023-24488)”
Tag: Citrix Gateway
Citrix Application Delivery Controller (ADC) and Citrix Gateway Arbitrary Code Execution Vulnerability (CVE-2022-27518)
Citrix has released patches for an actively exploited zero-day vulnerability in Citrix Application Delivery Controller (ADC) and Citrix Gateway. Tracked as CVE-2022-27518, this critical vulnerability could allow arbitrary code execution on the vulnerable system on successful exploitation. Citrix states in the blog, “We are aware of a small number of targeted attacks in the … Continue reading “Citrix Application Delivery Controller (ADC) and Citrix Gateway Arbitrary Code Execution Vulnerability (CVE-2022-27518)”
Patches Released for Multiple Vulnerabilities in Citrix Gateway and ADC (CVE-2022-27510, CVE-2022-27513, and CVE-2022-27516)
Citrix has released patches for multiple vulnerabilities in Citrix Gateway and ADC (CVE-2022-27510, CVE-2022-27513, and CVE-2022-27516). These vulnerabilities can be exploited by an attacker to gain unauthorized access to the device, take over remote desktops, or bypass the login brute force protection. Citrix Gateway unifies remote access infrastructure to offer single sign-on for all applications, … Continue reading “Patches Released for Multiple Vulnerabilities in Citrix Gateway and ADC (CVE-2022-27510, CVE-2022-27513, and CVE-2022-27516)”